add HOOK_CHALLENGE option to run a command before the reponse

2026-03-21 16:49:01 +01:00 · 2015-12-06 01:06:17 +01:00
parent d211fece4a
commit b33f128893
2 changed files with 11 additions and 0 deletions
--- a/config.sh.example
+++ b/config.sh.example
@@ -2,3 +2,8 @@

 #CA="https://acme-v01.api.letsencrypt.org"
 WELLKNOWN="/var/www/letsencrypt/.well-known/acme-challenge"
+
+# program called before responding to the challenge, arguments: path/to/token
+# token; can be used to e.g. upload the challenge if this script doesn't run
+# on the webserver
+#HOOK_CHALLENGE=
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -7,6 +7,7 @@ set -o pipefail
 # default config values
 CA="https://acme-v01.api.letsencrypt.org"
 LICENSE="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
+HOOK_CHALLENGE=

 . ./config.sh

@@ -126,6 +127,11 @@ sign_domain() {
    printf '%s' "${keyauth}" > "${WELLKNOWN}/${challenge_token}"
    chmod a+r "${WELLKNOWN}/${challenge_token}"

+    # Wait for hook script to deploy the challenge if used
+    if [ -n "${HOOK_CHALLENGE}" ]; then
+        ${HOOK_CHALLENGE} "${WELLKNOWN}/${challenge_token}" "${keyauth}"
+    fi
+
    # Ask the acme-server to verify our challenge and wait until it becomes valid
    echo "  + Responding to challenge for ${altname}..."
    result="$(signed_request "${challenge_uri}" '{"resource": "challenge", "keyAuthorization": "'"${keyauth}"'"}')"